Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(kms): add TagResource & UntagResource IAM permissions to default key policy #6125

Merged
merged 8 commits into from
Feb 10, 2020
Merged

fix(kms): add TagResource & UntagResource IAM permissions to default key policy #6125

merged 8 commits into from
Feb 10, 2020

Conversation

mattchrist
Copy link
Contributor

@mattchrist mattchrist commented Feb 5, 2020
edited by skinny85
Loading

Default key policy does not permit tagging the key. This PR changes the default kms IAM policy to allow adding and removing tags on the created kms key.

Fixes #6102

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • Result: FAILED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • Result: FAILED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • Result: FAILED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • Result: FAILED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@skinny85 skinny85 assigned skinny85 and unassigned rix0rrr Feb 6, 2020
@skinny85 skinny85 mentioned this pull request Feb 6, 2020
Closed
@skinny85 skinny85 changed the title fix(kms): add TagResource & UntagResource IAM permissions to default key policy. fixes #6102 fix(kms): add TagResource & UntagResource IAM permissions to default key policy Feb 6, 2020
skinny85
skinny85 approved these changes Feb 10, 2020
View reviewed changes
Copy link
Contributor

@skinny85 skinny85 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot for the contribution @mattchrist ! This wasn't an easy one because of the integ test changes, so awesome work!

@mergify
Copy link
Contributor

mergify bot commented Feb 10, 2020

Thank you for contributing! Your pull request is now being automatically merged.

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify
Copy link
Contributor

mergify bot commented Feb 10, 2020

Thank you for contributing! Your pull request is now being automatically merged.

@mergify mergify bot merged commit e65a326 into aws:master Feb 10, 2020
@mattchrist mattchrist deleted the 6102-kms-tagfix2 branch February 10, 2020 22:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@skinny85 skinny85 skinny85 approved these changes

Assignees

@skinny85 skinny85

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

KMS keys do not inherit tags from parent stack
4 participants
@mattchrist @aws-cdk-automation @skinny85 @rix0rrr